What’s New in GravityZone Platform May 2024 (v 6.50)

Grzegorz Nocoń

April 30, 2024

On the 23rd of April, Bitdefender rolled out new functionality in Bitdefender GravityZone, a comprehensive cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.

What’s new for Security Analysts

In a dynamic cybersecurity landscape, security analysts are responsible for uncovering any signs of potential sophisticated attacks to make the invisible visible. This section describes new functionality designed to elevate the capabilities of analysts, offering enhanced tools for threat detection, investigation, and response.

Bitdefender Threat Intelligence Enhancements

Bitdefender Threat Intelligence consolidates massive quantities of Indicators of Compromise (IoCs) in real time from multiple sources, such as the Bitdefender Global Protective Network (GPN), which protects hundreds of millions of systems, as well as honeypots, industry, and technology licensing partners (OEM ecosystem). This cloud-based service verifies and simplifies this threat data, offering low-latency and high-throughput access to highly accurate information (with minimal false positives) to organizations worldwide, ultimately improving their detection and filtering capabilities.

The latest release introduces the new Vulnerabilities API in Reputation TI. Our OEM and Tech licensing partners can query our database with cumulative criteria based on CVE, vendor name, product name, and CVSS score. In summary, the Vulnerabilities API returns a list of CVEs based on the search criteria, or a list of exploits currently being used or known to exist.

Additionally, in our Reputation Feeds, we have added a new Malvertising verdict. Malvertising is a malicious attack that uses harmful ads or links disguised as legitimate advertising on the web, social media, and public service providers. These deceptive advertisements lead unaware victims to unsafe destinations or scenarios, resulting in a variety of unwanted outcomes such as account takeover, loss of Personally Identifiable Information (PII), malware installations, phishing, and various other scams.

The Malvertising verdict is available in services such as URL Status (showing the verdict as a Status), Web Reputation (identifying it as a Threat Type), IP Reputation (indicated by a Tag), Threat Objects, and Included Indicators (also shown as Tags). For example, if the URL was used for the distribution of malvertising, an additional Threat Type will be added to the Web Reputation result.

If you want to learn more about the Bitdefender Threat Intelligence service or start a demo, click here.

EDR Incidents Enhancements

Bitdefender GravityZone Incidents functionality helps you filter, investigate, and take action on all detected security events. The Endpoint Incidents tab displays all suspicious activities identified by EDR at the endpoint level. These activities require investigation and have not been addressed yet.

To unify the investigation flow, with the latest release the Remediation section was moved from the Endpoint Incidents tab and is now available in the new EDR Response tab. The Response section includes actions requiring immediate attention, actions that have already been executed, and actions that have been dismissed. EDR Response actions will now mark tasks as Failed if they are unresponsive for two days.

What’s new for Administrators

With administrators constantly juggling numerous tasks and responsibilities, tools designed to make their daily tasks easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture.

Anti-Tampering Enhancements

Anti-tampering techniques play a crucial role in endpoint security by safeguarding security software from unauthorized modifications or disruptions. With the latest release, we have added further anti-tampering functionality to protect the BEST agent against user misuse and against the unlikely scenario of a new threat being engineered to bypass the existing anti-tampering layer.

Anti-Tampering functionality is available for configuration in the Antimalware section of the Policies configuration. With the default configuration, the BEST agent will deny access to vulnerable drivers and report callback evasion.

The Callback Evasion detection technology can identify when callbacks related to security software have been maliciously removed or disabled by attacks that gain access to the kernel and disable the security agent, compromising product integrity. You can, for example, configure endpoint isolation functionality to activate when such an action is detected, preventing lateral movement by threat actors within the network. The technology is compatible with Windows operating systems.

Anti-Tampering can detect when attackers leverage Vulnerable Drivers. This technique exploits the trust established by legitimate drivers to gain unauthorized access. Attackers might embed malicious drivers within seemingly harmless software packages or manipulate existing drivers. Once activated, these vulnerable drivers can be used for malicious activities to gain access to the kernel and disable the security agent. If vulnerable drivers are detected, you can, for example, configure a policy to deny access. The technology is compatible with Windows and Linux operating systems.

With the default configuration, you will receive Notifications about Callback Evasion events in the GravityZone Console. These notifications can be modified in the Notification Settings.

The Security Audit Report available in the Report section provides you with all the details about Anti-Tampering detections.

Quarantine Enhancements

With the latest release, you can now directly submit quarantined files to Bitdefender Labs from the Quarantine section in Bitdefender GravityZone. The new option, Submit to Bitdefender Labs, enables you to submit previously retrieved files for in-depth analysis, which can rule out possible false positive detections. You will receive the analysis results at the email address provided when submitting the file. Keep in mind that retrieved files are stored in GravityZone for only 24 hours, after which they will be automatically deleted. Each retrieved file can be submitted to Bitdefender Labs only once. In case of multiple attempts, we will notify you that the file has already been submitted.

Additionally, we have enhanced the retrieve functionality. Until now, the retrieve functionality was available only for Windows and macOS machines. With the latest release, you can now remotely retrieve and download quarantined files from endpoints running Linux operating systems.

Incident notification Enhancements

Bitdefender GravityZone may display notifications in the Notification Area or send them via email, keeping you informed about the security status of your environment. These notifications help you stay informed and take timely actions to protect your systems and data.

With the latest release, the Notification system has been improved. We have merged all existing incident notifications (Extended Incidents, Endpoint Incidents, and Deleted Threats) into a single New Incident notification. This new notification includes a hyperlink directly within the body: clicking the incident number will take you straight to the incident details in the console. If you had at least one of these incident notifications checked before the update, the new notification will be automatically activated by default.

Notification Template Redesign

With the latest release, we implemented a new template for all the notifications. The notifications sent over email now include new email subjects and notification titles. Additionally, some notifications in GravityZone Control Center have been renamed. For example, the existing notification name User Control event will have a new email subject and title: Content Control event. If you use rules in your email client, you will need to adjust your existing rules to match.

On our Bitdefender Support Center portal, you can find all the notification changes introduced with the latest GravityZone release.

Summary

Bitdefender GravityZone platform stands out from the crowd, offering a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities, ensuring the ongoing safety of organizations of all sizes worldwide.

To learn more about the Bitdefender GravityZone platform, contact us or a Bitdefender partner for more information. You can also start a free trial by requesting a demo here.

 

Author


Grzegorz Nocoń

Grzegorz Nocon is a graduate of the Faculty of Physics at the University of Silesia. With over 16 years of experience in the IT industry, he currently works as a Technical Marketing Engineer at Bitdefender. A strong supporter of a holistic approach to security and passionate about solving security problems in a comprehensive and integrated way. Outside of work, an avid CrossFit enthusiast and a lover of fantasy literature.
